#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables

Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some functions available at runtime and move some checks around.

It's worth noting that pointer checks for maximum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents

Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely.

So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and NV variables and will be updated when GetVariable is called.

Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/efi_get_variable_mem() and do the filtering at runtime.

We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly.

All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile".

Linux efivarfs uses the first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this:

    $~ efibootmgr -n 0001
    $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1

[0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage

Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable
Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem()
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching

%s/mstching/matching/

Reported-by: E Shattow <lucent@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions

efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime.

So let's move it around in efi_var_common.c which makes more sense

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit

GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit.

Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h>

We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo()

Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service.

With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo().

Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check.

For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation.

For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM.

Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings

At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs

For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name

In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const

UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to treat UEFI variable names as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state

When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode

Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from file even if they are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file

The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo()

Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo().

Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI

A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice

Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables

We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data

commit f1f990a8c958 ("efi_loader: memory buffer for variables")
commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence")

Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well.

So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices()

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly

To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID.

Provide a function converting the variable-name/guid pair to an enum and use it consistently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables

When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation

Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables

We currently have two implementations of UEFI variables:

* variables provided via an OP-TEE module
* variables stored in the U-Boot environment

Read only variables are up to now only implemented in the U-Boot environment implementation.

Provide a common interface for both implementations that allows handling read-only variables.

As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
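Commit 00da8d65 above notes that a Linux efivarfs read starts with a 4-byte little-endian attribute word (hence `skip=4 bs=1`) and that BS-only variables must be filtered out at runtime. The following is an added example, not U-Boot or Linux code, that splits such a read and applies that filter; the helper names, the sample bytes and the use of the RUNTIME_ACCESS bit as the runtime filter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute bits from the UEFI specification; all are 32-bit values. */
#define EFI_VARIABLE_NON_VOLATILE       0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x00000004u

/*
 * Constructed sample: an efivarfs read of a BootNext-style variable,
 * attributes NV|BS|RT (0x00000007, little-endian) followed by the
 * 16-bit value 0x0001.
 */
static const uint8_t sample_bootnext[] = { 0x07, 0x00, 0x00, 0x00, 0x01, 0x00 };

/* Hypothetical helper type: one efivarfs read split into its two parts. */
struct efivarfs_view {
	uint32_t attributes;  /* decoded from the 4-byte prefix */
	const uint8_t *data;  /* payload, the part "dd skip=4 bs=1" copies */
	size_t data_size;
};

/* Split an efivarfs read; rejects input too short to hold the prefix. */
int efivarfs_split(const uint8_t *blob, size_t len, struct efivarfs_view *out)
{
	if (!blob || !out || len < 4)
		return -1;
	out->attributes = (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
			  (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
	out->data = blob + 4;
	out->data_size = len - 4;
	return 0;
}

/* Assumed form of the runtime filter: BS-only variables stay hidden. */
int visible_at_runtime(uint32_t attributes)
{
	return (attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0;
}

/*
 * Render attribute bits as "NV|BS|RT". Bits this example does not name are
 * appended in hex so they are never silently dropped. Returns the number of
 * characters written, or -1 if buf is missing or too small.
 */
int describe_attributes(uint32_t attributes, char *buf, size_t size)
{
	static const struct { uint32_t bit; const char *name; } names[] = {
		{ EFI_VARIABLE_NON_VOLATILE, "NV" },
		{ EFI_VARIABLE_BOOTSERVICE_ACCESS, "BS" },
		{ EFI_VARIABLE_RUNTIME_ACCESS, "RT" },
	};
	uint32_t rest = attributes;
	size_t used = 0;
	int n;

	if (!buf || size == 0)
		return -1;
	buf[0] = '\0';
	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if (!(attributes & names[i].bit))
			continue;
		n = snprintf(buf + used, size - used, "%s%s",
			     used ? "|" : "", names[i].name);
		if (n < 0 || (size_t)n >= size - used)
			return -1;
		used += (size_t)n;
		rest &= ~names[i].bit;
	}
	if (rest) {
		n = snprintf(buf + used, size - used, "%s0x%08x",
			     used ? "|" : "", (unsigned int)rest);
		if (n < 0 || (size_t)n >= size - used)
			return -1;
		used += (size_t)n;
	}
	return (int)used;
}

int main(void)
{
	struct efivarfs_view v;
	char text[32];

	if (efivarfs_split(sample_bootnext, sizeof(sample_bootnext), &v) ||
	    describe_attributes(v.attributes, text, sizeof(text)) < 0)
		return 1;
	printf("attributes=%s payload=%zu bytes runtime-visible=%d\n",
	       text, v.data_size, visible_at_runtime(v.attributes));
	return 0;
}
```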
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data: commit f1f990a8c958 ("efi_loader: memory buffer for variables"), commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence"). Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
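The name/GUID matching described in 99bfab8b and the four state rules listed in 7219856d, combined in an added example that is not U-Boot's code. The enum names, `struct var`, `classify()`, `secure_boot_mode()` and the sample stores are hypothetical and constructed for illustration; only the two well-known GUID values come from the UEFI specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint_least16_t char16;             /* element type of u"..." literals */
typedef struct { uint8_t b[16]; } guid_t;  /* GUID in UEFI in-memory byte order */

/* EFI_GLOBAL_VARIABLE 8be4df61-93ca-11d2-aa0d-00e098032b8c */
static const guid_t GUID_GLOBAL = {{0x61, 0xdf, 0xe4, 0x8b, 0xca, 0x93, 0xd2, 0x11,
                                    0xaa, 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c}};
/* EFI_IMAGE_SECURITY_DATABASE_GUID d719b2cb-3d3a-4596-a3bc-dad00e67656f */
static const guid_t GUID_IMAGE_SECURITY = {{0xcb, 0xb2, 0x19, 0xd7, 0x3a, 0x3d, 0x96, 0x45,
                                            0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f}};
/* Constructed vendor namespace, sample input only. */
static const guid_t GUID_VENDOR = {{0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33,
                                    0x44, 0x44, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55}};

enum auth_var_type { VAR_NONE, VAR_PK, VAR_KEK, VAR_DB, VAR_DBX,
                     VAR_AUDIT_MODE, VAR_DEPLOYED_MODE };
enum sb_mode { MODE_SETUP, MODE_AUDIT, MODE_USER, MODE_DEPLOYED };

struct var { const char16 *name; const guid_t *guid; const uint8_t *data; size_t size; };

static int u16_equal(const char16 *a, const char16 *b)
{
    while (*a && *a == *b) { a++; b++; }
    return *a == *b;
}

/* A variable is special only if BOTH name and namespace GUID match. */
static const struct { const char16 *name; const guid_t *guid; enum auth_var_type type; }
auth_vars[] = {
    { u"PK",           &GUID_GLOBAL,         VAR_PK },
    { u"KEK",          &GUID_GLOBAL,         VAR_KEK },
    { u"db",           &GUID_IMAGE_SECURITY, VAR_DB },
    { u"dbx",          &GUID_IMAGE_SECURITY, VAR_DBX },
    { u"AuditMode",    &GUID_GLOBAL,         VAR_AUDIT_MODE },
    { u"DeployedMode", &GUID_GLOBAL,         VAR_DEPLOYED_MODE },
};

enum auth_var_type classify(const char16 *name, const guid_t *guid)
{
    for (size_t i = 0; i < sizeof(auth_vars) / sizeof(auth_vars[0]); i++)
        if (u16_equal(name, auth_vars[i].name) &&
            !memcmp(guid, auth_vars[i].guid, sizeof(*guid)))
            return auth_vars[i].type;
    return VAR_NONE;
}

/* Apply the four rules from the commit message to a variable store. */
enum sb_mode secure_boot_mode(const struct var *vars, size_t n)
{
    int pk = 0, audit = 0, deployed = 0;

    for (size_t i = 0; i < n; i++) {
        int is_one = vars[i].size == 1 && vars[i].data[0] == 1;

        switch (classify(vars[i].name, vars[i].guid)) {
        case VAR_PK:            pk |= vars[i].size > 0; break;
        case VAR_AUDIT_MODE:    audit = is_one;         break;
        case VAR_DEPLOYED_MODE: deployed = is_one;      break;
        default:                break;  /* look-alikes in other namespaces land here */
        }
    }
    if (pk && deployed)
        return MODE_DEPLOYED;
    if (!pk && audit)
        return MODE_AUDIT;
    return pk ? MODE_USER : MODE_SETUP;
}

/* Constructed sample stores. */
static const uint8_t one[] = { 1 };
static const uint8_t blob[] = { 0xde, 0xad };   /* placeholder for key data */

/* "PK" in a vendor namespace is not the platform key: result is audit mode. */
static const struct var store_lookalike[] = {
    { u"PK", &GUID_VENDOR, blob, sizeof(blob) },
    { u"AuditMode", &GUID_GLOBAL, one, 1 },
};
static const struct var store_deployed[] = {
    { u"PK", &GUID_GLOBAL, blob, sizeof(blob) },
    { u"DeployedMode", &GUID_GLOBAL, one, 1 },
};
/* AuditMode=1 is ignored once a real PK is present: result is user mode. */
static const struct var store_user[] = {
    { u"PK", &GUID_GLOBAL, blob, sizeof(blob) },
    { u"AuditMode", &GUID_GLOBAL, one, 1 },
};

int main(void)
{
    static const char *names[] = { "setup", "audit", "user", "deployed" };

    printf("look-alike PK: %s\n", names[secure_boot_mode(store_lookalike, 2)]);
    printf("real PK + DeployedMode: %s\n", names[secure_boot_mode(store_deployed, 2)]);
    printf("real PK + AuditMode: %s\n", names[secure_boot_mode(store_user, 2)]);
    printf("empty store: %s\n", names[secure_boot_mode(NULL, 0)]);
    return 0;
}
```

A name-only comparison would treat the vendor-namespace "PK" in the first store as the platform key and report user mode instead of audit mode.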
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some functions available at runtime and move some checks around. It's worth noting that pointer checks for maximum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS, and NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for Linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses the first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported EFI variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass on both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables

When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation

Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables

We currently have two implementations of UEFI variables:

* variables provided via an OP-TEE module
* variables stored in the U-Boot environment

Read only variables are up to now only implemented in the U-Boot environment implementation.

Provide a common interface for both implementations that allows handling read-only variables.

As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching

%s/mstching/matching/

Reported-by: E Shattow <lucent@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions

efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime.

So let's move it around in efi_var_common.c which makes more sense.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit

GetVariable() and SetVariable() use a uint32_t value for attributes. The UEFI specification defines the related constants as 32bit.

Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h>

We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo()

Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service.

With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo().

Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check.

For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation.

For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM.

Now all ACS SIE QueryVariableInfo() test cases passed for both EFI variable storage implementations.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings

At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs

For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name

In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const

UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to treat UEFI variable names as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state

When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode

Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from file even if they are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file

The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo()

Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo().

Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use a uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case, where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
9677192c |
|
24-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: enable QueryVariableInfo at runtime for file backed variables Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS, and NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for Linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses the first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed on both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use a uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
00da8d65 |
|
18-Apr-2024 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: add an EFI variable with the file contents Previous patches enabled SetVariableRT using a RAM backend. Although EBBR [0] defines a variable format we can teach userspace tools and write the altered variables, it's better if we skip the ABI requirements completely. So let's add a new variable, in its own namespace called "VarToFile" which contains a binary dump of the updated RT, BS and, NV variables and will be updated when GetVariable is called. Some adjustments are needed to do that. Currently we discard BS-only variables in EBS(). We need to preserve those on the RAM backend that exposes the variables. Since BS-only variables can't appear at runtime we need to move the memory masking checks from efi_var_collect() to efi_get_next_variable_name_mem()/ efi_get_variable_mem() and do the filtering at runtime. We also need an efi_var_collect() variant available at runtime, in order to construct the "VarToFile" buffer on the fly. All users and applications (for linux) have to do when updating a variable is dd that variable in the file described by "RTStorageVolatile". Linux efivarfs uses a first 4 bytes of the output to represent attributes in little-endian format. So, storing variables works like this: $~ efibootmgr -n 0001 $~ dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1 [0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage Suggested-by: Ard Biesheuvel <ardb@kernel.org> # dumping all variables to a variable Co-developed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> # contributed on efi_var_collect_mem() Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
26080159 |
|
17-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: typo mstching %s/mstching/matching/ Reported-by: E Shattow <lucent@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use a uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
df1076af |
|
05-Apr-2024 |
Ilias Apalodimas <apalos@gmail.com> |
efi_loader: move efi_var_collect to common functions efi_var_collect() was initially placed in efi_var_file.c, since back then we only supported efi variables stored in a file. Since then we support variables stored in an RPMB as well and use that function to collect variables that should be present at runtime. So let's move it around in efi_var_common.c which makes more sense Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <apalos@gmail.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices(). Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed on both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices(). Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
19327c1f |
|
03-Apr-2024 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: all variable attributes are 32bit GetVariable() and SetVariable() use an uint32_t value for attributes. The UEFI specification defines the related constants as 32bit. Add the missing EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS constant. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables
We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed for both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed on both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrds based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case, where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
c38cb227 |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
efi_loader: Remove <common.h> We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case, where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case, where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrds based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed on both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrds based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases pass with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state

When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables

We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data

commit f1f990a8c958 ("efi_loader: memory buffer for variables")
commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence")

Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices()

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed for both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get aligned to the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrds based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices(). Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices(). Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state

When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). The current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), the parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrds based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable services, U-Boot's own implementation and the op-tee based StMM variable service. With ACS Security Interface Extension (SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and doesn't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For the U-Boot standard case where EFI variables are stored in a file in the ESP, this commit modifies the attribute check to align with the EDK2 implementation. For the latter case (op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed with both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
454a9442 |
|
02-Feb-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: update attribute check for QueryVariableInfo() Current U-Boot supports two EFI variable service, U-Boot own implementation and op-tee based StMM variable service. With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0, there are several failure items of QueryVariableInfo(). Current attribute check for QueryVariableInfo() was implemented based on the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). This test case specification is outdated and don't align at all with the SCT test case code, and UEFI specification v2.10 does not clearly define the priority of the attribute check. For U-Boot standard case that EFI variables are stored in a file in the ESP, this commit modifies the attribute check to get align to the EDK2 implementation. For latter case(op-tee based StMM variable service), parameter check should be delegated to StMM. Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable storage implementations. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings

At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs

For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name

In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const

UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to treat UEFI variable names as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state

When U-Boot is started we have to use the existing variables to determine in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode

Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from file even if they are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file

The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo()

Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo().

Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI

A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice

Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
156ccbc3 |
|
23-Jan-2022 |
Simon Glass <sjg@chromium.org> |
efi: Use 16-bit unicode strings At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ce00a740 |
|
16-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: use %pUs for printing GUIDs For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide readable debug output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e618d1d2 |
|
09-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: function to get GUID for variable name In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d47671c6 |
|
08-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: treat UEFI variable name as const UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to treat UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return the correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variables may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
7219856d |
|
01-Sep-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: correct determination of secure boot state When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
b191aa42 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9ef82e29 |
|
25-Aug-2021 |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
417a3c24 |
|
30-Jun-2021 |
Masami Hiramatsu <masami.hiramatsu@linaro.org> |
efi_loader: Improve the parameter check for QueryVariableInfo() Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is the same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files, put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f6081a8a |
|
13-May-2021 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e. DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
37c3ca5c |
|
17-Mar-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Add helper functions for EFI A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files, put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particular in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the original author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices(). Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the common code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a variable is one of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
dd92aad8 |
|
30-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
efi_loader: add copyright notice Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
e01aed47 |
|
23-Jul-2020 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
efi_loader: Enable run-time variable support for tee based variables We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot, functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
01df8cf3 |
|
26-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
f2d2b3a1 |
|
22-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
99bfab8b |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
012c56ac |
|
14-Jul-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|